Clash of the Titans – Users, iPads and IT

Users connected the iPad to the corporate environment and IT got scared.

If you went to the Apple store and did a demo of the iPad, you might have noticed the installed Citrix Receiver (honestly, did anyone actually demo these things before buying? I bet most of us just bought it without playing around with it). But, let’s say you did demo and you selected the Receiver, what would you have seen? Windows Applications.

Yes, Windows Applications on the iPad. I admit, that is pretty cool. In fact, why not put Windows 7 on the iPad. It is possible. I’ve also seen reports that people are now using the iPad at work, although right now it is for minor tasks, but this will only increase. Chris Fleck recently posted a blog talking about some of the top business use cases for the iPad. These are great ideas, but before our employees start using a virtual Windows 7 XenDesktop desktop on the iPad for work, we need to get the environment prepared.

These items are HOT. And you know what happens to new technology? It gets stolen. It gets hacked. First, let’s make sure our environment is secured. Second, let’s give the user the best experience.

To secure the environment, there are a few things that should be done:

Require authentication. Seems pretty obvious, but you can connect to virtualized applications and desktops with anonymous accounts (there are business reasons why, but this is not one of the). If the iPad is stolen, the thief can only see the Receiver, but cannot log in.

Enable encryption: Citrix can encrypt the communication between the iPad and the virtual desktops/applications with RC5-128bit encryption. As users will connect over any number of wireless networks, it is recommended that the communication is encrypted from prying eyes.

Disable device mapping: Although some of local iPad objects cannot yet be seen within the virtualized desktops/applications (drives, clipbard, etc), it is recommended to still disable these features from within the XenDesktop/XenApp farms as a precaution. The Receiver will go through updates and will add new functionality. You, as the administrator, don’t want to be surprised when users start copying materials to/from their iPads.

By doing these simple items, we can make our iPad connections to Windows 7 desktops and Windows applications more secure. But how do we make the user experience better? Here are some recommendations:

HDX: Many users will browse web sites on their iPads. By enabling HDX browser acceleration, we can compress the images and give the user a faster browsing experience. Also, because the iPad does not support Flash natively, by accessing a hosted browser, users can view websites with integrated flash content. By enabling HDX Flash (Server-side rendering), we can allow users to view flash animation content at reasonable performance levels by slightly degrading the flash quality.

Visual Effects: Windows has many features that provide an interactive experience, but some of these items require additional bandwidth. For iPad users, it is recommended to disable menu animations and to disable window content while dragging. This allows the desktop to have faster response times. Although we can also disable the user’s desktop background, I prefer to keep the backgrounds enabled. Hey, it’s the first thing the user sees that helps create that personalized environment.

Audio: Although we can disable audio, that really diminishes the user experience, especially if we are using a hosted browser so users can access flash content. Let’s keep audio enabled, but only provide medium sound quality, which will give better performance.

The last thing we must be concerned with is that these settings do not interfere with other users. Not everyone is going to have an iPad. Even iPad users will still access their virtual desktops/applications over other devices. We don’t want these security/optimization settings from impacting others. In order to accommodate iPad users, we need to create a policy with all of these settings and apply the policy to only iPad devices. By filtering on the client name of iPhone* and iPad*, we can accomplish just that.

Remember, it’s a balance between providing an acceptable user experience, while allowing for performance and security. By tweaking the policy we can provide. So before your first user tries to use the iPad on your XenDesktop and XenApp environments, better get your infrastructure ready. No matter what you do, users will start to use their iPads to change how they access their applications. They iPad might even have an impact on what devices they use to do their work. To get ready, you need to prepare and secure your environment appropriately.

Share

Tagged under:

Daniel Feller is a Lead Architect at Citrix. With a app and desktop virtualization history dating back to 1997, Daniel has participated in many different deployments taking on many different roles. After graduating from Purdue University, Daniel started out as an IT Admin deploying WinFrame and MetaFrame 1.0. Daniel soon joined Citrix Consulting as one of the first consultants and spent many years working on some of the world’s largest and most complex environments. In addition to field projects, Daniel has also authored several well known whitepapers like the XenDesktop Design Handbook and created the intricate logic behind Citrix Project Accelerator. Daniel can usually be seen speaking at conferences focusing on design topics for application and desktop virtualization.